The Week in Application Security News: November 4–11, 2013

Before you get hit with the next flood of security news, catch up on the big stories that caught the AppSec community's attention over the past week. From pre-Cyber Monday safety tips to the ground-breaking revelation that ‘12356’ is a really popular password to the untraceable Bitcoin robbery of $1.2M, we’ve got you covered.

  • The argument for two-step authentication was strengthened this week, first when Adobe suffered a staggering security breach of user login credentials and then a few days later when a new study discovered that on average, 15 out of 16 logins are, in fact, completed by automated and potentially malicious hacking tools. Only six percent of visitors were either actual humans or ‘benevolent bots’, like search engines.
  • Microsoft issued a security advisory and a temporary fix for a zero-day remote code execution vulnerability that could be exploited to install malware via targeted Word documents. Potentially affecting users of Office, Lync and Windows, the vulnerability involves specially crafted TIFF images, Microsoft said in a post. A permanent fix is expected for the December Security Update, but Microsoft users should be aware of the threat and take precautions.
  • A newly released study says that the data of over 16 million Americans was compromised in 2012 – and at least a quarter of them ended up suffering from fraudulent activity. Between credit/debit card numbers, Social Security numbers, online banking details and bank account numbers, over four million Americans reported that their data had been used by hackers. The report concluded with a recommendation for ongoing risk assessments, especially for the financial, healthcare, and retail industries.
  • A Ponemon Institute study revealed that an attack on the upcoming Cyber Monday (December 1st) could cost a large organization upwards of $3.4 million for just one hour of downtime, including losses of customer trust and brand damage. With 64% of organizations reporting an annual increase of attacks during the holiday season, it’s high time to take some preventative measures in securing your eCommerce site before the holidays hit.
  • And if you had confidence in the online exchange of Bitcoins, you may want to reconsider: last week, hackers got hold of 4,100 BTC, or around $1.3 million, from a Bitcoin site that deals with the online currency. Because of the elusiveness of Bitcoins online, it’s unlikely the hackers will ever be found. The site’s founder, known only as TradeFortress, doesn’t “recommend storing any Bitcoins accessible on computers connected to the Internet.”